Educause Security Discussion mailing list archives
Re: Passwords & Passphrases
From: "Julian J Thompson (jthmpsn2)" <jthmpsn2 () MEMPHIS EDU>
Date: Mon, 19 Nov 2007 13:02:14 -0600
Just FYI - We use various password/passphrase methods mentioned - but we require all admin accounts to be over 14 characters in length. Since Windows doesn't store the LM hash in anything over 14 characters it makes it hard to crack :-)

Still open to keyloggers though, 2 factor is on the way :-)

--
(J)

-----Original Message-----
From: Randy Marchany [mailto:marchany () CANDI2 CIRT VT EDU]
Sent: Monday, November 19, 2007 12:34 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Passwords & Passphrases

We've been using a tool called "ophcrack" to break into systems where the user forgot their passwords. It uses Rainbow tables to guess passwords and so far on Windows boxes, we've successfully retrieved up to 12 character passwords within 10 minutes. The passwords followed our guidelines. This tool does require physical access to the machine.

Special characters can significantly lengthen the guess time but basically, we need to find another way to authenticate (2-way authentication AKA the ATM card/pin code model) in the long term.

-Randy Marchany
VA Tech IT Security Office and Lab
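
Added example (not part of either message above, and not the posters' own tooling): one way to check that admin accounts really have no LM hash stored is to scan a pwdump-style export of your own systems' hashes. The account names and hash values are constructed for illustration; the `user:rid:lm:nt:::` layout, the empty-LM constant and the "NO PASSWORD" placeholder are assumed to match the dump tool in use.

```python
# Audit a pwdump-style export for accounts that still have an LM hash stored.
# All account names and hash values in SAMPLE_DUMP are constructed.

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM value when no LM hash is kept
EMPTY_LM_HALF = EMPTY_LM[:16]                  # one empty 7-character half

SAMPLE_DUMP = """\
adm-alice:1105:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
adm-bob:1106:0123456789abcdef0fedcba987654321:ffeeddccbbaa99887766554433221100:::
adm-carol:1107:1122334455667788aad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
svc-backup:1108:NO PASSWORD*********************:a1b2c3d4e5f60718293a4b5c6d7e8f90:::
"""


def classify_lm(lm_field):
    """Return 'absent', 'present', 'present-short' or 'malformed'."""
    lm = lm_field.strip().lower()
    # Some dump tools print a "NO PASSWORD***" placeholder instead of a hash.
    if lm == "" or lm == EMPTY_LM or lm.startswith("no password"):
        return "absent"
    if len(lm) != 32 or any(c not in "0123456789abcdef" for c in lm):
        return "malformed"
    # LM hashes each 7-character half separately; an empty second half
    # means the password is 7 characters or fewer.
    if lm[16:] == EMPTY_LM_HALF:
        return "present-short"
    return "present"


def audit(dump_text):
    """Return (line number, user, status) for every line that needs attention."""
    findings = []
    for lineno, line in enumerate(dump_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            findings.append((lineno, None, "malformed"))
            continue
        status = classify_lm(fields[2])
        if status != "absent":
            findings.append((lineno, fields[0], status))
    return findings


if __name__ == "__main__":
    for lineno, user, status in audit(SAMPLE_DUMP):
        print(f"line {lineno}: {user}: LM hash {status}")
```

An "absent" result does not prove the password is over 14 characters: the NoLMHash policy or an empty password produces the same value, so this check confirms only that no LM hash is stored.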